How to set SSL Forward Secrecy & cipher-suite?

Discussion in 'General' started by Alfa1, Aug 9, 2014.

  1. Alfa1

    Alfa1 New Member

    When I check my SSL certificate through online SSL checkers I get these results:

    Server has not enabled HTTP Strict-Transport-Security
    Users may be exposed to man-in-the-middle attacks

    Server uses RC4 cipher with modern browsers
    More secure ciphers are available for TLS 1.1 and newer

    My host comments:
    LiteSpeed does not seem to have support for Forward Secrecy and I do not see any setting in the LiteSpeed Admin Panel to change the allowed cipher-suite for a DirectAdmin configuration. Please ask LiteSpeed support for assistance.

    Please advise how to resolve this.
  2. mistwang

    mistwang LiteSpeed Staff

  3. theRKF

    theRKF Well-Known Member

    Thanks for addressing these items. With Google's increased emphasis on https for all sites it's more important than ever that we be able to support SSL without taking much of a performance hit, and to make sure our servers are configured properly.

    I admit I'm punching above my weight a bit when it comes to some of these finer details of LiteSpeed config. Our box has tested with an A- on the Qualys SSL tool, with the same issues as above:
    So ... do I mess around more, or be happy with the A-?

    Will there be more detailed instructions available for dealing with these two issues?
  4. mistwang

    mistwang LiteSpeed Staff

    Forward Secrecy needs a carefully crafted ciphers setting.
    We updated our latest 4.2.14 build with that as the default, so you may get it by updating to the latest 4.2.14 build.

    /usr/local/lsws/admin/misc/ -f -v 4.2.14

    OpenSSL has been updated to 1.0.1i.
    eva2000 likes this.
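
The scanner findings from the first post (RC4 in use, no HSTS) and the cipher ordering that forward secrecy depends on can be checked offline from a scanner's output. The following is an added example, not part of the thread and not LiteSpeed code; the function names are hypothetical, the suite lists and headers are constructed, and the lists are assumed to be in server-preference order.

```python
import re

# Constructed sample data (not taken from the thread): suite names in
# server-preference order plus response headers, before and after a fix.
BEFORE = (["RC4-SHA", "ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"], {})
AFTER = (["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA",
          "DHE-RSA-AES128-SHA", "AES128-SHA"],
         {"Strict-Transport-Security": "max-age=31536000"})

def is_forward_secret(suite):
    # OpenSSL names carry the key exchange as a prefix; TLS 1.3 suites
    # (TLS_...) always use an ephemeral key exchange.
    return suite.startswith(("TLS_", "ECDHE-", "DHE-", "EDH-"))

def fs_ordered_first(preference):
    """True if an FS suite exists and none sorts after a non-FS one."""
    seen_non_fs = False
    for suite in preference:
        if not is_forward_secret(suite):
            seen_non_fs = True
        elif seen_non_fs:
            return False  # a non-FS suite could be picked ahead of this one
    return any(is_forward_secret(s) for s in preference)

def hsts_max_age(headers):
    """Return the HSTS max-age in seconds, or None if absent or malformed."""
    for name, value in headers.items():
        if name.lower() == "strict-transport-security":
            m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
            return int(m.group(1)) if m else None
    return None

def audit(preference, headers):
    """List the problems found in a cipher preference list and headers."""
    findings = []
    rc4 = [s for s in preference if "RC4" in s]
    if rc4:
        findings.append("RC4 offered: " + ", ".join(rc4))
    if not fs_ordered_first(preference):
        findings.append("forward-secret suites are not preferred")
    if not hsts_max_age(headers):  # None (missing) or 0 (policy cleared)
        findings.append("HSTS missing or max-age=0")
    return findings

if __name__ == "__main__":
    for label, (suites, headers) in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(suites, headers) or "no findings")
```
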
  5. theRKF

    theRKF Well-Known Member

    I am already running 4.2.14 at the time this was posted.

    We're running off the Apache config file, would that be the issue?
  6. mistwang

    mistwang LiteSpeed Staff

    Just force reinstall 4.2.14 to get the latest build.
  7. theRKF

    theRKF Well-Known Member

    Thanks - that got rid of the "RC4 cipher" warning, but I'm still getting:

  8. mistwang

    mistwang LiteSpeed Staff
